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a filter, responsive to the configuration data, to selectively forward to the at least one 
storage device requests for access to the plurality of volumes received from the plurality of 
devices over the network, wherein each request identifies at least one of the plurality of 
^ //-devices that is represented to the storage system as having issued the request, and wherein the 
)M filter is adapted to verify that the at leasttone of the plurality of devices identified in at least 
one of the requests as having issued the atleast one of the requests is the device that issued the 
at least one of the requests. 



EMARKS 



Claims 1-32 were previously pending in this application. By this amendment, Applicant 
is canceling claim 28 without prejudice or disclaimer. Claims 1, 15, and 21 have been amended. 
As a result, claims 1-27 and 29-32 are pending for examination with claims 1, 15,and21 being 
independent claims. No new matter has been added. 

Ericson- U.S. Patent No. 6.061,753 

On January 15, 2003, Applicant petitioned for withdrawal of the present application 
from issue under 37 C.F.R. §313(c)(2) to permit consideration of an Information Disclosure 
Statement citing additional prior art. In particular, Applicant submitted U.S. Patent No. 
6,061,753 by Ericson (hereinafter "Ericson") and a corresponding EPO publication for 
consideration. Applicant has amended the independent claims to distinguish over Ericson, and 
submits the following remarks. 

Ericson is directed to a system for controlling access to a selected portion target device 
(Abstract). A message having an initiator identifier is directed from an initiator device to the 
target device to request access to the selected portion of the target device referred to as a 
logical unit (Abstract, Col. 3, lines 58-62). Upon receipt of the request, it is determined if the 
initiator identifier is in a permitted set of identifiers associated with the selected portion of the 
target device (Abstract). If so, then access to the portion of the target device is permitted 
(Abstract). In particular, a target controller grants access to logical units based on an 
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association of initiator identifiers to the logical units (Col. 4, lines 40-47). Only those initiator 
identifiers associated with a particular target logical unit can access the particular target logical 

unit (Col. 4, lines 47-49). 

Ericson is performed in a SCSI environment where initiators are trusted, and therefore, 
authentication is not required. More particularly, an initiator indicated as having issued a 
request is trusted as being the actual source of the request. Therefore, Ericson relies only on 
the initiator identifier to determine whether access to a logical unit is permitted, and takes no 
action to authenticate the source of request (Col. 6, lines 23-26). 

The Claims Distinguish Ericson 

Claim 1 

Claim 1 had been amended to recite an act of "verifying that the represented source of 
the request is the one of the at least two devices that issued the request. " Ericson does not 
perform an act of verifying as recited. Ericson assumes that devices that issue requests are 
trusted and services requests received from initiators based solely on the initiator identifier in 
each request. According to one aspect of the present invention as discussed in the Applicant's 
specification on Page 4, lines 8-20, it is appreciated that devices may misrepresent their 
identities to gain access to a particular resource. By verifying that the device indicated by the 
request is the device that issued the request, devices cannot be falsely represented. In view of 
the foregoing, it is respectfully asserted that claim 1 patentably distinguishes over Ericson. 

Claim 15 

Independent claim 15 has been amended to recite a data structure to manage accesses to 
volumes of a storage system, the data structure comprising a plurality of records, at least one 
of which includes "authentication information that can be used by the storage system to 
determine whether the one of the plurality of devices that issued the request is the 
corresponding one of the plurality of devices. " As discussed above with respect to claim 1 , 
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Ericson does not verify that a device represented as having issued a request is the device that 
issued the request- Ericson teaches a data structure that maps a permitted set of logical units 
that can be accessed by a particular initiator, and determines access based only on this 



determine whether a device issued a request. In view of the foregoing> it is respectfully 
asserted that claim 15 patexxtably distinguishes over Ericson. 



Independent claim 21 has been amended to recite that "each request identifies at least 
one of the plurality of devices that is represented to the storage system as having issued the 
request, and wherein the filter is adapted to verify that the at least one of the plurality of 
devices identified in at least one of the requests as having issued the at least one of the requests 
is the device that issued the at least one of the requests. " As discussed above with respect to 
claim 1, Ericson does not verify that a device identified by a request as having issued the 
request is the device that issued the request. Therefore, it is respectfully asserted that claim 21 
patentably distinguishes over Ericson. 

An early and favorable action is respectfully requested. 



mapping. Ericson does not disclose a data structure having authentication information to 



Claim 21 



Respectfully submitted, 
Steven M Blumenau, Applicant 
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MARKED-UP CLAIMS 



Claims U 15, and 21 have been amended as follows: 



1 . (Amended) A data management method for managing access to a plurality of volumes 
of a storage system by at least two devices coupled to the storage system through a network, 
the method comprising steps of: 

receiving over the network at the storage system a request from one of the at least two 
devices for access to at least one of the plurality of volumes of the storage system, the request 
identifying the at least one of the plurality of volumes in the storage system and a represented 
source of the request : and 

selectively servicing* at the storage system, the request responsive to configuration data 
indicating that the one of the at least two devices is authorized to access the at least one of the 
plurality of volumes , wherein the step of selectively servicing compris es verifying that the 
represented source of the request is the one of the at least two d evices that issued the request. 

15. (Amended) A computer readable medium comprising: 

a first data structure to manage accesses by a plurality of devices to volumes of data at 
a storage system over a communication network, the storage system managing access 
responsive to [a request identifying] requests that each identifies one of the plurality of 
volumes of the storage system to be accessed and one of the plurality of devices thatjs 
represented as having issued the request , the first data structure comprising a plurality of 
records corresponding to the plurality of devices, [each of] the plurality of records comprising 
at least one record corresponding to one of the plurality of devices and including configuration 
information having at least one identifier that identifies which of the volumes of the storage 
system the one of the plurality of devices is authorized to access, and authentication 
information that can be used bv the storage syste m to determine whether the one of the 
plurality of devices that issued the request is the corresponding one of the plurality of devices . 
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21. (Amended) A storage system comprising: 

at least one storage device apportioned into a plurality of volumes; 

a configuration table to store configuration data identifying which of a plurality of 
devices coupled to the storage system via a network are authorized to access each of the 
plurality of volumes; and 

a filter, responsive to the configuration data, to selectively forward to the at least one 
storage device requests for access to the plurality of volumes received from the plurality of 
devices over the nfttwnr V, wherein each request identi fies at least one of the plurality of 
devices that is represented to the storage system as having issued the request, and wherein the 
filter is adapted to verify that the at least one of th e plurality of devices identified in at least 
one of the requests as ha vin g issued the at least on e of the requests is the device that issued the 
at least one of the requests . 
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